The Environmental Protection Agency released an enforcement alert that provides community water systems with information on steps they can take to ensure compliance with Safe Drinking Water Act Section 1433 and to reduce cybersecurity vulnerabilities. The EPA notes that cyberattacks against CWSs are increasing in frequency and severity across the country. Section 1433 of the SDWA requires all CWSs serving more than 3,300 people to conduct Risk and Resilience Assessments, develop Emergency Response Plans and certify their completion to EPA. Additionally, systems must review their RRA and ERP every five years, revise them if necessary, and certify completion of these steps to EPA.

The EPA has identified 70% of the inspected systems are in violation of basic SDWA requirements. EPA has taken over 100 SDWA enforcement actions nationally against CWSs for violations of Section 1433 since 2020. There are many resources available to assist utilities with making these essential changes. EPA’s Office of Water website includes information and resources for water and wastewater systems related to cybersecurity. Utilities can find helpful information on cyber risks and available resources to assist CWSs from EPA’s Cybersecurity for the Water Sector web page and the joint EPA and CISA Water and Wastewater Cybersecurity website.